When developing a mobile app, there is a choice between storing usernames and password data on the device itself or on a server (the user will be authenticated to a server). Other than the user possibly having to manage multiple passwords if he has multiple devices, is there a drawback to the former choice? Also, the app is supposed to connect to the internet anyway, so "no internet connection" is not an issue.

1 Answer

Here's the generic answer: storing authentication credentials on a device puts those credentials at risk of offline attack. If a device is responsible for saying it is authenticated, then somebody may spoof it.

Credential caching is not without merit or precedent. Windows systems perform credential caching for network-disconnected logins.
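An added example, not part of the answer above: one way a device-side credential cache can limit the offline-attack risk is to store only a salted, slow-KDF verifier written after a successful server login, never the password itself. The function names, record layout and iteration count are assumptions of this sketch, and it does not reproduce how Windows caches credentials.

```python
import hashlib
import hmac
import os

# Assumed parameters for this sketch; tune the work factor for the target device.
ITERATIONS = 600_000
SALT_BYTES = 16


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    # Slow, salted derivation: every offline guess costs `iterations` HMAC rounds.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def cache_credential(username: str, password: str, iterations: int = ITERATIONS) -> dict:
    """Build the record to store on the device. Call only after the server
    has accepted this username/password pair online."""
    salt = os.urandom(SALT_BYTES)  # per-record salt defeats precomputed tables
    return {
        "user": username,
        "salt": salt.hex(),
        "iterations": iterations,
        "verifier": _derive(password, salt, iterations).hex(),
    }


def verify_offline(record: dict, username: str, password: str) -> bool:
    """Check a login attempt against the cached record without the server."""
    candidate = _derive(password, bytes.fromhex(record["salt"]), record["iterations"])
    same_user = hmac.compare_digest(username.encode("utf-8"), record["user"].encode("utf-8"))
    same_pw = hmac.compare_digest(candidate, bytes.fromhex(record["verifier"]))
    return same_user and same_pw


if __name__ == "__main__":
    # Constructed sample values.
    rec = cache_credential("alice", "correct horse battery staple")
    print(verify_offline(rec, "alice", "correct horse battery staple"))
    print(verify_offline(rec, "alice", "guess123"))
    # The record lives on the device, so whoever holds the device can replace it.
    # A True result here should unlock only local state; the server still has to
    # authenticate every request itself rather than trust the device's claim.
```

The KDF raises the cost of each guess against a copied record but does not remove the risk: a weak password can still be recovered offline.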